That is the stage I was woken up to, a stage that is no longer about ‘safety’ but about convenience. And people will pass corpses just to give marketing a chance to set the phrase “This will be a lot more convenient to you” and it is a dangerous step. In one direction the news is good news. It shows that not only was I on the money when I wrote ‘As banks cut corners’ on September 7th, a mere three weeks later we see ‘Researchers find Apple Pay, Visa contactless hack’ (at https://www.bbc.co.uk/news/technology-58719891). Here we are given “researchers were able to make a Visa payment of £1,000 without unlocking the phone or authorising the payment”, a setting that evolved for people to bloody lazy to unlock their phones. Lets be clear this is a setting regarding commuters to make quick contactless payments without unlocking their phone. That gate is coming up and you know this 30 seconds in advance and unlocking the phone takes mere seconds. So when we get in opposition “Visa’s view was that this type of attack was “impractical”” did anyone tell VISA that they are marketing themselves as a bunch of tossers? There is nothing impractical about £1,000, 20 hits a day and the young entrepreneurs are sitting on a healthy income and it will take time to solve it after which someone else can make a new hack.
And Apple is not free of blame either. The response “This is a concern with a Visa system but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place”” gives criminals the stage where they can get away with it for some time. So how long until low income people can get a transit ghost? And all this is happening because there was no proper testing. Yet, it is an outlier and it was unlikely that people were seeking in this direction, but that will soon change. All because people were not willing to go through the inconvenience of unlocking their phone. So how long until this stage evolves beyond the Metro? Your first cup of coffee, your quick lunch, your cinema line, and that list goes on, all because of convenience we now see a stage where Apple and VISA are optionally catering to crime and organised crime (if they have a Filofax it is very organised crime).
A stage that is out in the open and we see deflection from VISA and to a smaller extent from Apple too. In this it is Dr Andreea Radu, of the University of Birmingham who seems to be the voice of reason with ““It has some technical complexity – but I feel the rewards from doing the attack are quite high”, she said, adding that if unaddressed “in a few years these might be become a real issue””, in addition we see that Samsung Pay and MasterCard cannot be exploited like that. So there is a stage where this goes (as the academics say) tits up. Concert tickets, beverages in any trade show all places where it is about small transactions and as they are all about the convenience of the people the criminals get to have a laughing feast, a feast with all the trimmings because the banks, in this case Financial Institutions cut another corner, optionally straight into your bank balance.
Enjoy your contactless payments today.
Lawrence van Rijn - Law Lord to be 